Difference between revisions of "OPEN SSL - Create pkcs12 clientAuth certificat keystore (SSO Token PopUp) from CertificationAuthority and configure Tomcat connector"
(5 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
- '''initialize new certificate''' | - '''initialize new certificate''' | ||
<syntaxhighlight lang="javascript"> openssl req - | <syntaxhighlight lang="javascript"> openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr" </syntaxhighlight> | ||
- '''upload .csr on the CA''' Certification Authority website of your company | |||
<br/>- '''download .crt from the CA''' | <br/>- '''download .crt from the CA''' | ||
<br/>- '''upload .crt to your server''' | <br/>- '''upload .crt to your server''' | ||
<br/>- '''generate keystore''' | |||
<br/> | |||
- '''generate keystore''' | |||
<syntaxhighlight lang="javascript"> | <syntaxhighlight lang="javascript"> | ||
cat website.fr.key > server.pem | cat website.fr.key > server.pem | ||
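Review bot: the `<syntaxhighlight lang="javascript">` wrappers kept around the `openssl req` line and the `cat website.fr.key > server.pem` block tag shell commands as JavaScript; lang="bash" would highlight them correctly. In the same block, `cat website.fr.key > server.pem` leaves a second copy of the private key on disk, so the step list should tell the reader to delete server.pem once keystore.p12 has been built.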
Line 41: | Line 38: | ||
sslProtocol="TLS" /> | sslProtocol="TLS" /> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
- '''this is now working on https''' 🎉 | - '''this is now working on https''' 🎉 | ||
<br/> | <br/> |
Latest revision as of 10:50, 17 December 2021
On the Linux server:
- initialize new certificate (generate the private key and the .csr)
openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"
- upload the .csr to your company's Certification Authority (CA) website
- download .crt from the CA
- upload .crt to your server
- generate keystore
cat website.fr.key > server.pem
cat website.fr.crt >> server.pem
openssl pkcs12 -export -in server.pem -out keystore.p12
- check keystore
openssl pkcs12 -nokeys -info -in keystore.p12
- update tomcat connector
cd tomcat/conf/
vi server.xml
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="10xxx"
    address="10.xxx.xxx.xx"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
    keystorePass="changeit"
    keystoreType="PKCS12"
    clientAuth="true"
    sslProtocol="TLS" />
- this is now working on https 🎉
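
The "generate keystore" and "check keystore" steps can be combined into one non-interactive function that first confirms the CA-issued certificate really belongs to the private key. This is an added example, not part of the original page: the function names, the `KEY_PASS` / `STORE_PASS` environment variables and the self-signed sample material are assumptions, and it passes the key with `-inkey` instead of building `server.pem`.

```shell
#!/bin/sh
# Added example (not from the original page). Passphrases are read from the
# environment (KEY_PASS, STORE_PASS) so they never appear in the process list.

# Print the PEM public key contained in a private key / in a certificate.
pub_of_key()  { openssl pkey -in "$1" -passin env:KEY_PASS -pubout; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# build_keystore KEY CRT OUT
# returns 0 = keystore written and readable, 1 = key/certificate mismatch,
#         2 = unreadable input or failed export
build_keystore() {
    ks_key=$1; ks_crt=$2; ks_out=$3
    ks_kp=$(pub_of_key "$ks_key" 2>/dev/null)  || return 2
    ks_cp=$(pub_of_cert "$ks_crt" 2>/dev/null) || return 2
    if [ "$ks_kp" != "$ks_cp" ]; then
        echo "certificate $ks_crt was not issued for key $ks_key" >&2
        return 1
    fi
    # The keystore holds the private key: create it with owner-only permissions.
    ( umask 077
      openssl pkcs12 -export -inkey "$ks_key" -in "$ks_crt" \
          -passin env:KEY_PASS -out "$ks_out" -passout env:STORE_PASS
    ) || { rm -f "$ks_out"; return 2; }
    # Same check as "openssl pkcs12 -nokeys -info", without the prompt.
    openssl pkcs12 -in "$ks_out" -nokeys -passin env:STORE_PASS \
        >/dev/null 2>&1 || return 2
}

# Constructed sample material for trying the function offline: a self-signed
# certificate stands in for the CA-issued website.fr.crt, and other.key is an
# unrelated key that must be rejected.
make_samples() {
    openssl req -new -newkey rsa:2048 -x509 -days 1 -subj "/CN=website.fr" \
        -keyout "$1/website.fr.key" -passout env:KEY_PASS \
        -out "$1/website.fr.crt" 2>/dev/null &&
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$1/other.key" 2048 2>/dev/null
}
```

With `KEY_PASS` and `STORE_PASS` exported, `build_keystore website.fr.key website.fr.crt keystore.p12` replaces the `cat` and export commands; `STORE_PASS` must be the value configured as `keystorePass` in the connector.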